ambari-dev mailing list archives

From "Oliver Szabo" <osz...@hortonworks.com>
Subject Review Request 40476: Ambari LDAP integration cannot handle LDAP directories with multiple entries for the same user
Date Thu, 19 Nov 2015 10:40:14 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/40476/
-----------------------------------------------------------

Review request for Ambari, Dmytro Sen, Robert Levas, Robert Nettleton, and Sumit Mohanty.


Bugs: AMBARI-13943
    https://issues.apache.org/jira/browse/AMBARI-13943


Repository: ambari


Description
-------

LDAP users can't log in when multiple entries exist for a uid (uid=username in Ambari).
-> SpringLdapTemplate throws an exception on multiple results.
UID is not unique in LDAP, and e.g. for FreeIPA, by default if you create a user, it creates
2 entries with the same uid (with different object classes).

On login Ambari uses the "(uid={username})" filter. Instead of that I changed it to "(&(uid={username})(objectclass={userobjectclass}))".
It is a relatively safe change, because if the user object class is set up wrongly, then the
group membership pulling won't work anyway.

This change does not cover the behavior when there are multiple domain/forest users in LDAP
(e.g. in AD). That will be in another review request in the future.


Diffs
-----

  ambari-server/src/main/java/org/apache/ambari/server/security/authorization/LdapServerProperties.java
f28ee50 
  ambari-server/src/test/java/org/apache/ambari/server/security/authorization/LdapServerPropertiesTest.java
9043439 

Diff: https://reviews.apache.org/r/40476/diff/


Testing
-------

Unit tests done.
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:44 h
[INFO] Finished at: 2015-11-19T06:37:18+00:00
[INFO] Final Memory: 48M/734M
[INFO] ------------------------------------------------------------------------


Thanks,

Oliver Szabo
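The lookup behaviour described in the message above, as an added Python illustration that is not part of the original e-mail and not Ambari's code. The directory entries, DNs and function names are constructed for the example, and the RFC 4515 value escaping is an assumption about how the username would be substituted safely.

```python
import re

# Constructed sample directory: two entries share uid "jdoe" but differ in
# object classes, as the message describes; "asmith" has a single entry.
DIRECTORY = [
    {"dn": "uid=jdoe,ou=people,dc=example,dc=com",
     "uid": ["jdoe"], "objectclass": ["top", "person", "posixAccount"]},
    {"dn": "uid=jdoe,ou=compat,dc=example,dc=com",
     "uid": ["jdoe"], "objectclass": ["top", "posixAccount"]},
    {"dn": "uid=asmith,ou=people,dc=example,dc=com",
     "uid": ["asmith"], "objectclass": ["top", "person", "posixAccount"]},
]

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    """Escape a value placed into an LDAP search filter (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_filter(username, user_object_class=None):
    """uid-only filter when no class is given, ANDed filter otherwise."""
    uid = "(uid=%s)" % escape_filter_value(username)
    if user_object_class is None:
        return uid
    return "(&%s(objectclass=%s))" % (uid, escape_filter_value(user_object_class))

def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def search(ldap_filter):
    """Evaluate a filter made only of ANDed equality assertions; return DNs."""
    clauses = re.findall(r"\(([A-Za-z0-9-]+)=([^()]*)\)", ldap_filter)
    if not clauses:
        return []
    def matches(entry):
        return all(_unescape(val).lower() in [v.lower() for v in entry.get(attr.lower(), [])]
                   for attr, val in clauses)
    return [e["dn"] for e in DIRECTORY if matches(e)]

def find_single_user(ldap_filter):
    """Return the one matching DN; raise when the result is not unique."""
    hits = search(ldap_filter)
    if len(hits) != 1:
        raise LookupError("expected 1 entry, got %d for %s" % (len(hits), ldap_filter))
    return hits[0]
```

In this sample the uid-only filter returns two DNs for "jdoe", while adding objectclass=person narrows it to one. A class carried by both entries (posixAccount here) leaves the lookup ambiguous, so the configured user object class has to be one that only the real account entry has.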

